650-082 MITSE Mobile Internet Technology for System Engineers

Exam Number 650-082
Duration 60 minutes (55-65 questions)

This exam will test System Engineer’s knowledge of features, functions and design of the Cisco ASR 5000 mobile internet solution. There will be a focus on design and planning for deployment. Candidates should prepare for this exam by taking the Mobile Internet Technology for Account Managers course as the MIT SE exam covers content from both the AM and SE training courses.

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe ASR 5000 Hardware and Software
Describe Understanding the StarOS Command Line Interface (CLI)
Describe Software Licensing and Upgrade
Describe ASR 5000 Core services for GPRS/UMTS – SGSN and GGSN Functionalities
Describe the Design and Implementation of xGSN
Describe Billing & Policy
Describe Statistics and Alarms
Describe Services Overview
Describe the Design and Implementation of LTE


QUESTION 1
What Cisco ASR 5000 services are needed for communication between a Serving Gateway and
Packet Data Network Gateway?

A. EGTP and GTPU
B. GTPU and PGW
C. SGW and GTPU
D. EGTP and SGW

Answer: B


QUESTION 2
Which option helps to define activities that are needed to successfully deploy and operate Cisco
technologies?

A. Smart Services
B. Cisco lifecycle Services
C. TAC
D. Cisco Technical Services

Answer: A


QUESTION 3
Which card has the resources to run multiple services?

A. system management card
B. switch processor I/O card
C. packet service card
D. redundant crossbar card

Answer: C


QUESTION 4
Which of these statements about the Web element Manager is true?

A. Clients can connect only by using the internet explorer or Safari Web browser.
B. The application provides FCAPS.
C. Fault management implements an easy-to-use point-and-click GUI to provide configuration for
one or more systems.
D. Supported accounting management operation system allow user to examine and perform real
time statistical analysis.

Answer: C


QUESTION 5
Which controller task is used to facilitate IP routing across and within contexts?

A. Session controller
B. Drive controller
C. VPN controller
D. Resource management controller

Answer: A

Click here to view complete Q&A of 650-082 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 650-082 Certification, Cisco 650-082 Training at certkingdom.com

Posted in Cisco, CISCO CCNP | Tagged , , , , , , , | Leave a comment

650-059 LCSARS Lifecycle Services Advanced Routing and Switching

The 650-059 LCSARS Lifecycle Services Advanced Routing and Switching exam tests a candidate’s knowledge and skills for the Cisco Lifecycle Services approach to help successfully sell, deploy, and support Cisco technologies and optimize their performance. Candidates can prepare for this exam by taking the LCSARS Lifecycle Services Advanced Routing and Switching course.

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe the value of Cisco Lifecycle Services for Advanced Routing & Switching
Identify the phases of the Cisco Lifecycle Services for Advanced Routing & Switching
Identify the value of the Cisco Lifecycle Services for Advanced Routing & Switching
Describe the value of the service components included in the Prepare phase
Describe the value of the service components included in the Plan phase
Describe the value of the service components included in the Design phase
Describe the value of the service components included in the Implement phase
Describe the value of the service components in the Operate phase
Describe the value of the Service Component in the Optimize phase

Describe the value of the activities in each phase of the Cisco Lifecycle Services approach
Describe the value of the activities included in the Prepare phase
Describe the value of the activities included in the Plan phase
Describe the value of the activities included in the Design phase
Describe the value of the activities in the Implement phase
Describe the value of the activities included in the Operate phase
Describe the value of the activities included in the Optimize phase


QUESTION 1
Which two of these activities comprise the problem management service component in the operat
phase? (choose two.)

A. send a replacement module
B. schedule a maintenance window
C. manage the problem
D. identify the problem
E. confirm roles and responsibilities

Answer: C,D


QUESTION 2
Identify a customer support model for the solution is an activity thet is part of which service
component in the plan phase?

A. operations readiness assessment
B. planning project kickoff (deployment project management)
C. operations plan development
D. system requirements validation

Answer: A


QUESTION 3
Which three of these service components are included in the optimize phase? (choose three.)

A. change management
B. security administration
C. technology assessment
D. operations assessment
E. operations readiness assessment
F. security assessment

Answer: C,D,F


QUESTION 4
Utilizing a trouble ticketing system to track problems is a part of which service component in the
operate phase?

A. operations setup
B. change management
C. problem management
D. systems monitoring

Answer: C


QUESTION 5
Execute the systems acceptance test plan is an activity that is part of which service component in
the implement phase?

A. phased implementation
B. acceptance testing
C. staff training
D. full system migration

Answer: B

 

 

Click here to view complete Q&A of 650-059 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 650-059 Certification, Cisco 650-059 Training at certkingdom.com

Posted in Cisco | Tagged , , , , , , , | Leave a comment

Google’s cloud finds a friend in Red Hat

A symbiotic move

Google and Red Hat had a Kumbaya moment today when the two companies announced integration between Red Hat’s OpenShift platform as a service and Google’s IaaS public cloud platform.

Specifically, Red Hat will offer OpenShift Dedicated, the managed OpenShift cloud service on Google’s Cloud Platform (GCP). It’s a win-win for both companies.

Since Diane Greene came on board at Google we’ve been waiting for some news from Google. While not every little announcement from Google should be viewed as Greene acting as a puppeteer, these moves also would not be happening if she disagreed with them. So, I think it’s safe to surmise that Greene’s fingerprints are beginning to show up at GCP.

It’s a good partnership for Google. At its most basic level, this is a big customer win for Google’s cloud. Red Hat will be running its PaaS on top of Google’s IaaS. Down the line, the two companies will partner to integrate Google Cloud Platform features into the OpenShift platform.

Job number one for Greene, according to many in the industry I’ve spoken with, was to build up enterprise traction for Google’s cloud. Red Hat is as good of a partner as any to do that with. This is not a new partnership though. Before Greene came on board, Google began offering Red Hat Enterprise Linux (RHEL) OS on its cloud. They’re partnered on the Cloud Native Computing Foundation too.

It’s a good move for Red Hat too. The venerable open source giant is trying to build itself up as THE container focused company. And Google’s cloud is seen as one of the best platforms for running containers, thanks to its Kubernetes container manager. Red Hat completely redesigned OpenShift to be a container-centric PaaS. So it makes sense that Red Hat would want to host OpenShift on the best IaaS for containers. The move reinforces the need for PaaS vendors to find an IaaS partner. Salesforce’s Heroku, for example, runs atop Amazon Web Services.

Another interesting note is that Google has a partnership with VMware too. Google provide scale-out IaaS capacity beyond VMware’s vCloudAir’s capabilities. VMware and Red Hat are fierce competitors. Greene will have to navigate these partnership waters carefully. But at this point all of the partnerships (Google/Red Hat and Google/VMware) make perfect sense for all these companies.

Click here to view complete Q&A of 220-802 exam
Certkingdom 20% Discount Promotion Coupon Code: 45K2D47FW4

MCTS Training, MCITP Trainnig

Best Cisco 220-802 Certification, Cisco 220-802 Training at certkingdom.com

 

Posted in Google, RedHat | Tagged , , , | Leave a comment

The first fruits of Intel’s biggest buy ever will come this quarter

The first chips that combine Intel and Altera components will ship in the first quarter

Intel welcomed employees from its massive Altera acquisition this week, and the first products from the deal will come out this quarter.

The chipmaker poured out $16.7 billion [B] to buy Altera, which makes FPGAs (field programmable gate arrays), or chips that can be reprogrammed for specific tasks. The first chip that combines Intel and Altera technology will go into servers, cars, robots, the Internet of Things, automation equipment and other products, Intel says.

Intel will start shipping its first server chips with Altera’s FPGAs to select “leading-edge” cloud customers this quarter, Intel CEO Brian Krzanich said during an earnings call on Thursday.

The products will be multi-chip modules, in which Intel’s server chips and Altera FPGAs will be separate processing units. The modules are scheduled for mass production next year.

The ability to reprogram Altera FPGAs will make it easier for Intel to create custom chips, which Krzanich said are accounting for a larger chunk of server chip shipments.

Intel is also working to integrate Altera’s intellectual property inside its own silicon, improving performance and power efficiency, Krzanich said. He gave no release date for those chips.

Intel had already announced its intention to provide server chips with Altera FPGAs. It hadn’t clearly stated plans for Altera IP in its own chips until now.

The Intel-Altera product roadmap was announced during an earnings call for the fourth quarter of 2015, which ended on Dec. 26. The acquisition of Altera, which closed on Dec. 28, will boost revenue in fiscal 2016, Intel officials said.

The purchase is also part of Intel’s effort to pivot into other areas as the PC market weakens. The memory, data center and Internet of Things divisions generated 40 percent of Intel’s revenue in fiscal 2015, and that share will grow in 2016, Krzanich said.

Altera will be part of a new group called Programmable Solutions Group, which will report to Krzanich. It’ll be much like Intel’s Security Group, which was created after the McAfee acquisition.

Intel posted revenue of $14.9 billion for the fourth quarter of 2015, growing by 1 percent from the same quarter in 2014. Its profit was $3.6 billion, down by 1 percent.

Revenue for the Client Computing Group, which deals in PC and mobile chips, was $8.8 billion, declining by 1 percent year-over-year. The Data Center Group recorded revenue of $4.3 billion, up by 5 percent. Revenue for the IoT group grew by 6 percent to $625 million.

 

Click here to view complete Q&A of N10-006 exam
Certkingdom 20% Discount Promotion Coupon Code: 45K2D47FW4

MCTS Training, MCITP Trainnig

Best Cisco N10-006 Certification, Cisco N10-006 Training at certkingdom.com

 

Posted in Intel | Tagged | Leave a comment

Apple’s chorus of critics: How wrong can they be?

The Apple-is-doomed crowd’s arguments are sound, but they’re also simply not true

Your daughter comes home from school with a report card studded with A’s. You (1) give her a hug and raise her allowance or (2) ground her and tell her you know she’ll never do this well again.

Perversely enough, too many pundits and academics have chosen option No. 2 since Apple CEO Tim Cook presented investors the company’s most recent financial report card — a fourth-quarter earnings story that featured record sales at Apple, rapid growth, and (most important) a quarterly profit that is the largest ever recorded by a publicly traded company.

My favorite headline since the fourth-quarter report: “We shouldn’t be dazzled by Apple’s earnings report,” published in the Harvard Business Review. My favorite sentence in the article by Juan Pablo Vazquez Sampere was this: “Announcing boatloads of money, as if that were point, makes us think Apple no longer has the vision to keep on revolutionizing.”

Foolish me. I thought that making money was the point for a corporation. I’m shocked that Vazquez Sampere, a professor of business administration at IE Business School in Spain, would think otherwise. (Thanks to Jean-Louis Gassée for pointing out the article in his Monday Note blog.)

By any rational standard, Apple is simply killing it. It sucks up more than nine out of every 10 dollars of profit earned by smartphone makers, is on the verge of passing its only credible rival in phone sales, has built a leading position in the huge Chinese market, and is returning boatloads of cash to investors.

Less obvious, but critical, is the end of the subsidized-device model in the cellular market. According to the critics, this would sink Apple’s margins because it raised device costs to users, but has done nothing of the kind.

Oh, the shame of it all.
The carriers’ new device pricing hasn’t hurt Apple one bit

Any number of poorly considered articles tend to make one point that’s undeniably true: No company can continue to grow as fast as Apple has. At some point, the Law of Large Numbers kicks in and growth on a percentage basis slows. Duh! As I pointed out last month, Apple’s stock will take a hit when its earnings go from amazing to plain ol’ darned good. That’s because the market expectation is unrealistic, not because Apple is doomed.

The Apple-is-doomed crowd has a fixation on another theory as well: As cellular carriers move away from subsidized smartphone sales, customers will freak out when they learn that their new iPhone will cost more than $600. That shock will force Apple to cut prices and slash its astonishingly high margins, pummeling its profitability.

That’s not a stupid argument. But it’s not true. Dropping the subsidy and killing mandatory contracts was good for the carriers — but it also has been embraced by a public that was sick to death of being locked into two-year contracts.

Remember, the shift away from subsidized devices happened well before the launch of the iPhone 6. Yet Apple sold 34,000 iPhone 6 and iPhone 6 Plus every hour for the entirety of the final quarter of 2014, a total of 75.4 million. Its average selling prices (ASPs) have not fallen — meaning Apple hasn’t had to lower prices to get those sales.

The carriers, led by T-Mobile CEO John Legere, have very cleverly taken some of the sting out of the new pricing model by introducing interest-free financing, reducing data plan costs for customers who opt to buy smartphones outright, and offering more liberal upgrade policies. You could argue that people may actually be paying more for the total package of phones and service, but they’re not really feeling it, and the result is that sales haven’t been hurt a bit.

Apple gobbles even more of the smartphone profits

Not only is Apple selling record numbers of iPhones, it is also earning a ridiculous share of the industry’s profits.

Apple earned about $19.4 billion in pretax profits from selling its lineup of iPhones in the holiday quarter, estimated Michael Walkley, a financial analyst who covers Apple for Canaccord Genuity. That represented about 93 percent (an all-time high for Apple) of the total operating profits generated by the entire smartphone industry, Walkley wrote.

A year ago, when critics were grumbling that Apple had forgotten how to innovate, it still gobbled up 75 percent of the industry’s smartphone profits, Walkey said.

Samsung, meanwhile, picked by critics as the company most likely to beat Apple into the ground, is losing ground. Samsung overtook Apple as the biggest smartphone maker globally in the third quarter of 2011, but Apple is rapidly closing the gap, according to IDC. In the fourth quarter of 2013, Samsung sold 33 million more smartphones than Apple; a year later that lead had shriveled to 600,000, and it may well evaporate entirely in 2015, IDC predicts.

As to other mobile platforms, once you get past iOS and Android, there’s no there there. Windows Phone, for example, has a global market share of 2.7 percent, reports IDC. I’d be much more concerned about Apple’s future if there were another significant mobile platform, but there isn’t.

Worries about market saturation in the United States are sensible, but Apple has a great response: China. Apple sold more smartphones in China last quarter than any of its rivals. “This is an amazing result, given that the average selling price of Apple’s handsets is nearly double those of its nearest competitor,” according to a report from Canalys, a market researcher.

Apple can’t grow this fast forever, it may be too dependent on a single product (the iPhone), and it appears to be cannibalizing sales of the iPad. Those are reasonable concerns.

But Apple brought home a straight-A report card last month — so give Tim Cook a well-deserved hug the next time you see him.

Click here to view complete Q&A of N10-006 exam
Certkingdom 20% Discount Promotion Coupon Code: 45K2D47FW4

MCTS Training, MCITP Trainnig

Best Cisco N10-006 Certification, Cisco N10-006 Training at certkingdom.com

 

Posted in Apple | Tagged , , , | Leave a comment

Is Dropbox planning a P2P option? New patent suggests it’s looking beyond the cloud

Dropbox has been granted a patent on a new peer-to-peer file-sharing technology that suggests it may be planning an alternative to its existing cloud-based service.

Designed to facilitate file sharing across devices without the need for content to go through its own cloud servers, the new technology promises faster download speeds, Dropbox said.

It can “eliminate bottlenecks, thereby increasing the speed” at which content items can be shared among individuals, Dropbox explained in U.S. Patent Application 20150358297. Cryptographic keys, meanwhile, add security and prevent conflicts during synchronization.

The patent was published last month but only came to light this week. Dropbox did not respond to a request for further detail.

Though the patent award doesn’t mean that Dropbox will necessarily be able to turn the technology into a viable product, it does pave the way for a new service focusing on the transfer of large files, said T.J. Keitt, a senior analyst with Forrester Research.

That, in turn, could help Dropbox make headway with businesses that deal in massive file formats, such as media and entertainment firms or architecture firms that work with large CAD files.

“Dropbox could begin to push into the managed file-transfer space, as they’re giving customers more control over where and how large content is distributed” — all from a well-established interface, Keitt pointed out. “This could allow Dropbox to become a file-transfer standard in some of its well-established verticals.”

A peer-to-peer service could also have implications for businesses wrestling with data-sovereignty issues following the death of the Safe Harbor agreement.

“It removes Dropbox’s cloud from the conversation, allowing businesses to warehouse their content in places of their choosing,” Keitt noted.

Of course, there are already other alternatives in that space, including BitTorrent Sync. So, Dropbox will have to demonstrate that its new P2P technology is not only competitive but also as reliable as its existing cloud-based offering.

“Before we make any pronouncements on whether this solves the data-sovereignty question, I’ll want to see how they plan to implement this technology within their offering,” Keitt said.

Dropbox also recently announced that it’s planning to add new data-storage sites in Europe this year.

Click here to view complete Q&A of N10-006 exam

Certkingdom 20% Discount Promotion Coupon Code: 45K2D47FW4

MCTS Training, MCITP Trainnig

Best Comptia N10-006 Certification, Comptia N10-006 Training at certkingdom.com

 

 

Posted in Tech | Tagged , , , | Leave a comment

The most innovative and damaging hacks of 2015

The year’s most significant attacks highlight how hackers are changing tactics — and how IT security must evolve in the year ahead

Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics.

But looking beyond the garden-variety attacks and vulnerabilities lends great insight into the future of malicious activity and how to defend against it. And 2015 had its share of intriguing invasions, each of which highlighted the modified techniques that lead to new forms of breaches or pinpoint areas in need of new defenses. The past year saw cyber criminals adopting innovative approaches and state-sponsored actors becoming bolder. Motivations shifted, with financial gain no longer the sole reason for launching an attack. Inflicting physical damage, stealing trade secrets, hacking as a form of protest — 2015 was a year in which malicious activity served many ends.

The increasingly interconnected world means bad guys can cause a lot of damage; more important, many malicious actors now have the skills and means to carry out chilling attacks. Below is a roundup of some of the most significant incidents of the past year, each of which pushes the overall security conversation further, showing new paths and needs for defense. Which ones did we miss?

Bitcoin under barrage

Bitcoin — and the idea of crypto currency in general — captured mainstream attention this year, in part because of nefarious actors who used the platform as cover for payment. Ransomware gangs have demanded payment in bitcoins before unlocking victims’ files and folders, and blackmailers have demanded bitcoins in exchange for not launching DDoS attacks against websites. But bitcoin made security headlines several times in 2015 for a different reason: Thieves kept stealing bitcoins … lots of them.

European exchange Bitstamp suspended trading after discovering one of its operational bitcoin storage wallets was compromised in early January. The exchange is believed to be the world’s third busiest and handles approximately 6 percent of all bitcoin transactions. About 19,000 bitcoins, or roughly $5 million, were stolen at the time. That wasn’t the only bitcoin attack, as China-based exchange BTER reported in February that 7,170 bitcoins, or roughly $1.75 million, were stolen from its cold wallet system. Thieves stole 10.235 BTC, or roughly $2,500, from bitcoin startup Purse in October.

Consider it a twist on the traditional bank heist: Instead of looting bank accounts, exchanges are raided. In addition to showing there is real financial value associated with the virtual currency, the thefts highlighted the need “for an internationally recognized security standard” for bitcoin, said Florindo Gallicchio, director of information security in the Optiv Office of the CISO. In February, the Cryptocurrency Certification Consortium (C4) proposed 10 standardized rules for the creation, storage, audit, and use of bitcoins, as part of the Cryptocurrency Security Standard (CCSS).

While the amounts stolen aren’t insignificant, they pale in comparison to the 850,000 bitcoins, worth close to $450 million, that disappeared from Japanese-based exchange Mt. Gox in 2014. The exchange, believed to have handled 70 percent of all bitcoins, has since closed and entered bankruptcy. Japanese police believe the theft was an inside job.

As is often the case with technology, the exchanges have thus far focused on functionality and usability, with security an afterthought, said Steve Donald, CTO of Hexis Cyber Solutions. Many of the attacks relied on social engineering to gain a foothold on to the exchange’s network. Exchanges need to adopt secure code development practices, as well as dynamic and static code analysis to protect their applications. “Bitcoin exchanges should be highly incented to improve security as this will be a requirement before this new type of currency will achieve wide scale usage,” Donald said.

Cyber goes real-world

Cyber attacks that result in damage in the physical world happen far more often on TV shows than they do off-screen. It was scary when the Shamoon malware attack partially wiped or totally destroyed hard drives of 35,000 computers at Saudi oil company Aramco back in 2012. We saw the blurring between cyber and physical again — to be fair, the attack actually happened in 2014 and the report providing the details were released shortly before the end of the year — at an unnamed German steel mill when attackers manipulated and disrupted control systems. The blast furnace could not be properly shut down, resulting in “massive” damages, according to reports.

There is a tendency to think cyber attacks are about stealing data or knocking systems offline. There can be real-world damage, too. An attacker can potentially compromise a pharmaceutical company’s production process or quality control systems and modify the recipe for a particular drug. Hospital systems are also vulnerable to attack, especially since many legacy systems still in use cannot be secured. As much as 20 percent of hospitals are vulnerable to attacks that can disable critical care systems, Gallicchio said.

“People can be physically hurt from a cyber attack,” Gallicchio said.
Industrial control system security comes up a lot in conversation, but the incident at the German steel mill highlights the fact that the threat is no longer theoretical. One of the challenges facing industrial control system security, especially in manufacturing, is the simple fact that the systems are typically controlled and administered by operations and engineering departments, not IT. The operations and engineering teams are focused on reliability and make decisions at the expense of security in order to maintain uptime.

Improving defenses requires “a mix of basics and more contemporary defenses,” such as ensuring proper segmentation and access controls between different networks, Donald said.
Financial crime goes big

There were a number of attacks against financial institutions in 2015, but none was more audacious than the Carbanak crime ring, which targeted more than 100 banks and other financial institutions in 30 nations. Kaspersky Lab estimated the gang had stolen as much as $1 billion since late 2013 and had managed to stay under the radar for two years because it kept each transaction between $2.5 million and $10 million.

The scale of attacks against financial institutions indicate criminals are moving away from low-value consumer-related attacks such as identity and credit card theft in favor of high-value attacks. “The old ‘smash and grab’ jobs are becoming carefully orchestrated and executed jobs,” said Mike Davis, CTO of CounterTack.

The FBI also warned of an increase in social engineering campaigns where an attacker sends an email purporting to be from the CEO or another senior executive to the CFO or another executive authorizing a wire transfer. If the recipient is tricked and doesn’t validate the email’s authenticity before the transfer, that money is gone, usually for good.

While external attackers still pose the biggest threat to financial organizations, 2015 showed insiders can cause damage as well. Earlier this year, a former employee of Morgan Stanley pleaded guilty to stealing confidential data from more than 700,000 customer accounts while he was interviewing for a new job with two competitors. And external attackers target insiders who already have access to sensitive data. Encryption, dynamic security policies that travel with data, and robust multifactor authentication controls are some of the defenses financial institutions should consider to ensure that unauthorized individuals can’t read anything they shouldn’t be allowed to see, said Ron Arden, vice-president of Fasoo.
Health care on the breach radar

Some of the biggest breaches in 2015 involved health care organizations, including Anthem, Excellus BlueCross BlueShield, Premera Blue Cross, and CareFirst, to name a few. Eight of the 10 largest health care breaches happened in 2015, according to the U.S. Department of Health and Human Services.

It’s no surprise the attackers went after health care, since the companies tend to have valuable data, including names, addresses, Social Security numbers, medical records, and financial information. The data is difficult to change, meaning it has a longer shelf life and can be used in a variety of follow-up attacks. Attackers accessed more than 100 million health care records in 2015.

While some of the breaches may have been part of identity theft and other cyber crime activities, security experts believe Anthem was the work of Chinese state-actors. The attackers may have been after data on specific individuals for intelligence purposes, or they may have wanted intellectual property relating to how medical coverage and insurer databases are set up. The Chinese government has denied any involvement in the attacks, and Chinese authorities recently arrested individuals they claim had targeted Anthem for cyber crime purposes.

“Just like how the financial verticals evolved to the next-generation bank heists, we will soon see attackers use health care information records to support more sophisticated business models,” said Itzik Kotler, co-founder and CTO at SafeBreach.

These attacks were successful in large part because health care companies have not traditionally invested as much on security initiatives as financial institutions have. The Anthem breach, in particular, showed how far some health care companies lag on basic security best practices. As Target shook the retail sector out of its complacency in 2014, Anthem made the health care industry sit up and notice the very real dangers it faces.

Worse, encryption practices around sensitive data had no effect. In many health care breaches, users were socially engineered out of their credentials, letting attackers easily bypass encryption controls. It doesn’t take a lot, either. Attackers stole 80 million personal records from a large health care insurance company by compromising only five user accounts, Eric Tilenius, CEO of BlueTalon, said. “Every company should ask, ‘How much data would be exposed if a user account gets compromised?’ and then work to limit that exposure,” he said.

“It doesn’t matter how strong your security platform is, if employees aren’t properly trained in best security practices, it all can go out the window,” said Garry McCracken, vice president of technology at WinMagic.

Attacks as part of a long game

Perhaps the most intriguing, significant, and shocking security incident of 2015 was the attack against the U.S. Office of Personnel Management. The personal data of millions of government employees, U.S. military personnel, and government contractors who had received background checks and security clearances were stolen. In a typical data breach, the attackers target the organization because they want the information it has. In the case of OPM, the attackers didn’t want the records simply for the sake of having them, but to obtain background information on targeted individuals.

“[The OPM breach] represents human targeting at its finest, understanding that people are our biggest security risk … our weakest link in the chain,” said Renee Bradshaw, manager of solutions strategy at NetIQ, the security portfolio of Micro Focus.

The method of attack followed a formula: Target a subcontractor in a social engineering attack and steal credentials to gain access to the network. Plant malware on a system and create a backdoor. Exfiltrate data for months, undetected. The level of poor security practices at OPM “was astounding,” including lack of consistent vulnerability scanning and two-factor authentication, as well as untimely patch management, said Bradshaw.

The OPM breach also emphasized organizations’ vulnerability to social engineering. Government employees and contractors are now subject to security awareness training programs to learn about the dangers of spear phishing and other social media threats.

Vulnerabilities out of control

The attack against Hacking Team over the summer was an eye-opener. The Milan-based company developed and sold surveillance software to government agencies around the world. The company relied on zero-day vulnerabilities to develop software that was difficult to detect and could intercept communications. When an unknown individual released more than 400GB of data stolen from Hacking Team, including email communications, business documents, and source code, security researchers uncovered proofs-of-concept for three different zero-day vulnerabilities in Adobe Flash Player. While Adobe scrambled to fix the flaws as quickly as possible, cyber criminals were able to create exploits and use them in large-scale attacks.

“Hoarding zero-day exploits at both the national and private level is dangerous for everyone. We can’t expect to come out on top if we are sitting on these types of vulnerabilities,” said Tom Gorup, security operations leader at security consulting firm Rook Security.

Not reporting the vulnerabilities to the vendor for fixes means someone else can come along and find the same bug. If it was found in the first place, it stands to reason someone else will eventually find it, too. As Hacking Team learned the hard way, anyone can be breached. And once the vulnerabilities are public, everyone is at risk. Zero-day exploits are not like physical weapons in that the original owner has control over how and when it is used. The weapon can be used right back, with devastating consequences.

toc year in review 2015
“We need to refocus our cyber efforts to a defensive posture and let our infantry and airmen handle the offensive efforts,” Gorup said.
Government services leak too much info

As attacks against government agencies go, the IRS Transcript Service breach was small beans. Only 100,000 people had their information exposed through this breach, which is significantly less than the 21.5 million affected by the OPM breach. The attackers plugged in the victim’s name, address, and Social Security number into the IRS Get Transcript service to obtain detailed information such as income, employer name, and dependents.

More uniquely, attackers used legitimate services to convert basic personally identifiable information to determine detailed data that could be used to falsify tax returns and other forms of financial fraud. The same method can conceivably be used with the Department of Motor Vehicles’ online renewal process or with a property appraisal site maintained by the county. With the information obtained through these services, identity theft becomes easier. It was especially effective, as attackers enjoyed a 50 percent success rate using the stolen data, noted Morey Haber, vice president of technology at BeyondTrust.

“Many sites like the Get IRS Transcript website exist all over the Internet for state, local, and federal governments. The IRS was an easy target, but so are the others,” Haber said.
Forget cars, what’s happening with airplanes?

Vehicular hacking burst on to the scene in 2015 and grabbed a lot of security headlines, but we should be worried about all the things we don’t know regarding attacks on airplanes. About the time researchers Charlie Miller and Chris Valasek were exploiting a Chrysler’s UConnect infotainment system to remotely control a 2014 Chrysler Jeep Cherokee, there were reports the group behind the OPM breach had successfully obtained records of origins and destinations of United Airlines passengers, as well as passenger manifests. Another group of attackers also disrupted the IT systems for LOT Polish Airways, which resulted in the airline canceling 20 flights and grounding 1,400 passengers.

Then of course there’s the FBI’s claim that security researcher Chris Roberts caused a plane’s engine to climb when he was poking around aircraft systems while on a United Airlines flight. The jury’s out on whether Roberts actually managed to take over the jet.

Should these attacks concern us? Are airplanes at risk? Both United and LOT have refused to provide any information on the issues.

“The scary answer here is that we don’t know, and that’s both surprising and unsurprising at the same time,” said Johnathan Kuskos, manager of the threat research center at WhiteHat Security.

There are two different types of attacks to worry about. One targets IT systems, such as the airline website and check-in kiosks at the airport. The other targets onboard systems that actually power and control the aircraft. The onboard systems tend to be heavily sandboxed and are locked down. IT systems are more at risk. And according to WhiteHat’s vulnerability statistics report, every online application has at least one serious vulnerability.

“It’s hard to imagine that a professional criminal syndicate or state-sponsored hackers haven’t targeted these major airlines yet,” Kuskos said.
Getting around Apple’s walled garden

Palo Alto Networks this year uncovered XcodeGhost, a malware attack that infected iOS applications and existed in the App Store for months before being detected. The attack relied on iOS developers downloading a compromised version of Xcode, the iOS dev kit. Compromising a toolchain is not a new attack method, and XcodeGhost was extremely successful at infecting developers on a wide scale. The real danger lies in what lessons the XcodeGhost team learned from its success and how it will try again.

The way the malware infected iOS apps before they were distributed into the App Store was completely new, said Ryan Olson, intelligence director at Palo Alto Networks. Developers are vulnerable and attackers can piggy-back on their apps into the App Store, past Apple’s vaunted security measures.

“While the XcodeGhost malware was not particularly dangerous, it was groundbreaking in the way it gained access to millions of devices,” Olson said.

XcodeGhost showed people that Apple’s walled garden can be breached and at a wide scale. It forced app developers to clean up their systems, re-issue their applications, and be better about where they get their developer tools. In order to defend against similar attacks, iOS developers need to understand their dev systems and apps are valuable to attackers looking for ways to target iOS users.

“XcodeGhost was the first truly widespread malware that impacted non-jailbroken phones, it was a massive eye-opener for iOS users who had previously thought they were invulnerable to attack,” Olson said.

Juniper’s unauthorized backdoor scandal
Juniper Networks recently uncovered unauthorized code in its Juniper NetScreen firewalls that could allow attackers to decrypt VPN traffic. The issue arose from the fact that Juniper used Dual_EC_DRBG, a known flawed random-number generator, as the foundation for cryptographic operations in NetScreen’s ScreenOS. Juniper claimed it used additional precautions to secure the random number generator. It turned out the safeguards were ineffective.

The backdoor in Dual EC can be viewed as two parts, where one adds a second keyhole that overrides the normal lock on a door, and the other is a specific lock cylinder that fits that keyhole, Matthew Green, a cryptographer and assistant professor at Johns Hopkins University, wrote on Twitter. The attackers replaced the NSA-approved lock cylinder with their own lock cylinder. They wouldn’t have been able to replace the cylinder if the door hadn’t been modified with the keyhole in the first place.

In the end, someone somewhere was able to decrypt Juniper traffic in the United States and around the world. The matter is currently under investigation by the FBI.

“NSA built in a powerful eavesdropping backdoor. The attackers simply repurposed it by changing a few bytes of code,” Green said. “I’ll be honest, while I’ve been worrying about something like this for a long time. Seeing it actually happen is staggering.”

In light of the mounting pressure from government officials on the tech industry over encryption backdoors, what happened to Juniper is a clear example of how backdoors can be abused. 2016 will tell whether law enforcement and government will learn the lesson and back off on those demands.

Understanding 2015

It’s clear from looking at the attacks and breaches this year that the IT security industry is not well-positioned to defend itself. Knowing is half the battle, but there’s a long road ahead for organizations that don’t follow the basics of security best practices. “Security isn’t cheap, and when you’ve historically underinvested in security, what it takes to catch up in both technology investment and human capital is expensive,” said James Carder, CISO at LogRhythm and vice president of LogRhythm Labs.

Click here to view complete Q&A of N10-006 exam

Certkingdom 20% Discount Promotion Coupon Code: 45K2D47FW4

MCTS Training, MCITP Trainnig

Best Comptia N10-006 Certification, Comptia N10-006 Training at certkingdom.com

Posted in Tech | Tagged , , | Leave a comment

As 2015 ends, Ubuntu Linux misses its 200 million user goal

The popular Linux distribution set a lofty goal four years ago, and hasn’t come anywhere close.

With the end of 2015 imminent, Ubuntu appears to have fallen far short of the 200 million user goal it set back in 2011.

“[Our] goal is 200 million users of Ubuntu in four years,” Canonical CEO Mark Shuttleworth said at a developer summit in May 2011. “We’re not playing a game for developers’ hearts and minds—we’re playing a game for the world’s hearts and minds, and to achieve that we’re going to have to play by a new set of rules.”

As Linux site Phoronix points out, reports on Ubuntu server and desktop installations have yet to even pass 100 million. Ubuntu’s own website says the desktop operating system has more than 40 million users. Linux as a whole accounted for 1.61 percent of desktops accessing the Internet last month, according to NetApplications. By comparison, Windows 10 hit 9 percent of that market in November, the same month that Microsoft announced 110 million users of its latest OS.

With the PC market in decline overall, it’s unlikely that Ubuntu will get much help from the desktop side in hitting 200 million installs. As such, Ubuntu steward Canonical has made only minor changes to the desktop operating system lately, and has turned greater attention to smartphones and a converged smartphone-desktop OS. Still, Ubuntu’s phone efforts are slow-going so far, with one estimate claiming just 25,000 users as of September.

The “new set of rules” Shuttleworth spoke about may have referred to putting Ubuntu on other rapidly-growing device categories such as TVs and connected cars. But while Linux-based systems as a whole are making some strides in these areas, Ubuntu’s influence has been minimal.

Why this matters: The unmet goal of 200 million users underscores how difficult it is for a platform like Ubuntu to shift from desktops to other devices where the potential for growth is greater. It’s worth noting that Microsoft has set a similarly lofty ambition of 1 billion Windows 10 devices within three years—something that may be difficult to achieve unless Windows can latch onto new product categories such as smart homes, robots, and augmented reality.

 

Click here to view complete Q&A of LX0-103 exam

MCTS Training, MCITP Trainnig

Best Comptia LX0-103 Certification, Comptia LX0-103 Training at certkingdom.com

Posted in Comptia Linux | Tagged | Leave a comment

CompTIA, Cisco, Microsoft & other big enterprise IT firms miss Best Places to Work cut

Airbnb tops Glassdoor’s Best Places to Work in 2016 rankings

It’s not that the biggest names in enterprise IT and networking aren’t good places to work, according to employees submitting reviews to jobs and career marketplace Glassdoor. It’s just that they aren’t “Amazing!” or “Great!” places to be employed, according to Glassdoor’s list of the 50 Best Places to Work in 2016.

When approached by Glassdoor about this list, we weren’t surprised to see a buzzy young company like Airbnb atop the rankings, dethroning Google, which fell from No. 1 last year to No. 8 this time around. The likes of Hubspot, Facebook, LinkedIn and Zillow in the Top 10 also didn’t come as surprises.

But the very top companies weren’t all fresh faces: 40-plus-year-old Bain & Co. came in second.

So why didn’t some of the biggest names in enterprise networking and IT make the top 50? (Rankings are based on a proprietary algorithm that crunched information from 1.6 million anonymous reviews.)

Well, first, consider that the numbers across many of these companies are pretty darn close. The 50th company in the rankings, SolarCity, had a rating of 3.9 stars, whereas Microsoft, for example, has 3.8 and Cisco has a 3.7.

What passes for fun these days at Google, #8 on Glassdoor’s Best Places to Work 2016 list

A Glassdoor spokeswoman says that for Microsoft, “What seems to make the difference based on the data we’re seeing is Microsoft’s reviews are more subdued, and use the word ‘good’ a lot. For example: ‘Good salary and benefits’ and ‘Good work/life balance’ and ‘Good environment if you are in a good team with good management’.”

Compare that to the sort of language used in Airbnb reviews (“Amazing people, vibrant workplace, and an unbeatable culture” and “the founders are great people and I believe they have the best intentions for the company, the employees, and our community.”)

Common themes among the top-rated companies included employees feeling valued, unique cultures aligned with mission, smart colleagues, and great perks/benefits.

All this isn’t to say enterprise IT companies didn’t show up in the Top 50. In fact, #3 Guidewire makes back-end software for insurance companies – so, an enterprise IT company, but one you might not know if you’re not in that market. More familiar enterprise IT companies such as Akamai (#31), Salesforce (#32), F5 Networks (#33), Workday (#35) and Red Hat (#37) are all on the list, and then there are those big consumer AND enterprise outfits like Apple (#25).

Looking back at Glassdoor’s recent rankings – it has compiled this list for 8 years now – enterprise companies (depending on how you define them) are actually making a slightly stronger showing than in years past. So, it’s not like people working for Airbnbs and other cool companies are having all the fun.

Click here to view complete Q&A of LX0-104 exam

MCTS Training, MCITP Trainnig

Best Comptia LX0-104 Certification, Comptia LX0-104 Training at certkingdom.com

Posted in Comptia Linux | Tagged , , | Leave a comment

10 offbeat, odd, and downright weird places you’ll find Linux

Why worry about the desktop when you’ve conquered everything else?

The OS that took over the world
Let’s just get this out of the way: this isn’t the year of Linux on the desktop. That year will probably never arrive. But Linux has gotten just about everywhere else, and the Linux community can take a bow for making that happen. Android, based on the Linux kernel, is so prevalent on mobile devices that it makes the longstanding desktop quest seem irrelevant. But beyond Android there are a number of places where you can find Linux that are truly odd and intriguing, and by “places” we mean both strange devices and weird geographical locations. This slideshow will show you that it’s always the year of Linux pretty much everywhere.

Robot milking machines
Leave it to the Swedes to come up with a kinder, gentler milking machine: a “voluntary milking system” that cows enter when they want to be milked and are rewarded with a delicious “dietary concentrate.” The decision-making smarts of the VMS are powered by a tiny single-board computer running a compact Linux distribution. This job ad from DeLaval, the company that makes the VMS, looking for a Linux software engineer, gives you a sense of what exactly is involved in making this dairy robot work.

In-flight entertainment systems
The seatback screens in airplanes that allow you to scroll through movies and listen to music are powered by Linux, more often than not. Panasonic pitches its systems to airlines in hilariously semi-informed fashion as “leveraging robust standards such as Ethernet, Linux, and MPEG”; based on the fairly easy-to-find tales online of these systems spontaneously rebooting mid-flight, they aren’t doing Linux’s rock-solid reputation any favors. At least one software expert accidentally figured out how to lock your system up, if you’re bored and feel like denying yourself in-flight movies some day.

The International Space Station
When I put out feelers to potential sources saying I was writing about Linux in odd places, the good people at the Linux Foundation were justifiably eager to tell me that the laptops that astronauts and cosmonauts use day-to-day on board the International Space Station run Linux; the Foundation had helped train staff to deal with, as they put it, “dozens of laptops [with] extensive development needs for a very small number of users.” The Linux Foundation folks were perhaps too kind to mention the reason why the ISS transitioned these computers to Linux: they used to run Windows, but they got terrible malware infections.

North Korea
Back in 1999, when I was an editor at IDG’s LinuxWorld site, our sysadmin was very excited to learn about Red Flag Linux, a distro being developed in China, a country that was only beginning to open its economy up to the West. While that distro seems to have mostly been a way to gain leverage in the Chinese government’s battle with Microsoft, North Korea is using open source to power its computers as it remains isolated: Red Star OS powers the Hermit Kingdom’s computers, even though the GUI’s been given a superficially OS X-like makeover.

Sea-robots
Liquid Robotics is a company working to develop autonomous nautical robots — solar-powered, ocean-going versions of the drones that are becoming more and more ubiquitous in the skies. While the company is perhaps most famous for snagging Java developer James Gosling as its tech honcho, it’s also using Linux as the OS for its robo-vessels, which are going on year-long journeys. Think they’re encountering any real-life penguins out there in the water?

Crock Pot WeMo Smart Slow Cooker
You might think that the defining feature of a slow cooker is its simplicity: you put stuff in it, turn it on, it gets warm, and six or eight hours later you have a pot roast. But what if you can’t be there to turn it off in time? Well, you could buy the slightly more expensive model with a timer … or you could pay $130 for a Wi-Fi enabled Crock Pot WeMo Smart Slow Cooker, which runs on embedded Linux and is controllable from your cell phone, wherever you are! Sure, it seems to turn off when it loses Wi-Fi connectivity, but you don’t want to live with a non-Internet-capable slow cooker like some kind of medieval peasant.

Nuclear submarines
The U.S. nuclear submarine fleet has used Linux to power various systems for more than a decade, a development that began as important control systems started migrating up the stack from hard-wired individual components to overarching software. In particular, much of the sonar systems the Navy relies on are Linux-powered. Reliance on software makes security particularly important, and resistance to malware is one of the reasons the Navy rejected Windows. Not everyone shares their concerns, though: the U.K.’s Royal Navy apparently thinks that Windows is good enough for their nuclear subs.

Missionary work in Nigeria
The Transformational Eduction Network is a Christian missions organization operating throughout West Africa. One of their goals is to increase educational opportunity, and to that end they’re teaching students to use not just Windows, but Ubuntu Linux. Kwangs Dauda, the young Nigerian man shown in the photo here, was particularly excited about this aspect of his education, declaring that “When you learn how to use the computer you can preach through the computer.”

Barbie’s dream house, er, cubicle
A few years ago, in an attempt to modernize Barbie’s brand, Mattel came up with a host of possible new jobs for her. To help move past the “math is hard!” debacle, one of these new career paths was computer programmer — and while Barbie has her choice of development environments, her cube has some Tux the Penguin art, so we’re just going to assume she uses Linux. The Liberal Murmurs blog spun a tale in which she became a Debian developer, but we must regretfully admit that this remains non-canon as of press time.

Terrible, pointless computers
Sure, any OS can run on a good computer. But Linux is famous for being able to run anywhere, any time, no matter how ill-advised. So why not put it on a system powered by an 8-bit microcontroller, which you use to emulate a 32-bit ARM chip, with the whole thing running effectively at 6.5 Khz and taking two hours just to boot to a command line? Why not install it on a dead badger? (Do not attempt on a live one, as they have claws and teeth and such.) It’s Linux’s flexibility and suitability for even the most ill-advised environments that make the other actually useful weird Linux installs in this slideshow possible.

Click here to view complete Q&A of LX0-104 exam

MCTS Training, MCITP Trainnig

Best Comptia LX0-104 Certification, Comptia LX0-104 Training at certkingdom.com

Posted in Tech | Tagged , , , , | Leave a comment

10 affordable cities that offer good IT jobs

IT is everywhere, not just Silicon Valley. Here are the top 10 ‘off metro’ regions for IT workers, based on median salary and unemployment rate.


Affordable cities that offer good IT jobs

Across the U.S., smaller, “off metro” cities are home to talent that’s just as accomplished — you just need to know where to look. Here, CIO.com has put together a list of the 10 best cities for IT — ones that don’t involve sky-high rents and impossible costs of living.

Data on median income and percentage of workforce in technology comes from the U.S. Bureau of Labor Statistics. Data on population, unemployment rate — which covers all workers with at least a bachelor’s degree — and cost of living is from the U.S Census Bureau and U.S. Census Bureau’s American Community Survey.

Omaha, Nebraska
Omaha’s economy is booming, putting it squarely at the top of the list, and that’s great news for tech workers looking for work and for companies looking to lower overhead. With 3.7 percent of Omaha’s workforce in tech, an average salary of $74,710, and an unemployment rate of just 2.5 percent, it’s a great place to be an IT professional.

Huntsville, Alabama
Huntsville’s proximity to a number of military installations and aerospace research facilities makes it a thriving tech center. Though the city boasts a population of only about 180,000, nearly 13,000 of those residents, or 6.5 percent, work in technology, and the unemployment rate is a respectable 3.7 percent. With a median salary of $89,050, IT workers in Huntsville make more than their Los Angeles counterparts ($88,940) and with a lower cost of living.

Springfield, Illinois
As the capital of Illinois, it’s not surprising that the largest employer in the state’s sixth-largest city is the State of Illinois. But that offers plenty of opportunity for tech workers, who earn an average $85,000 a year, make up 3.2 percent of the overall workforce and enjoy an unemployment rate of just 3 percent.

Fort Worth, Texas
Forth Worth has proximity to some major IT employers, including Lockheed Martin Aeronautics, Bell Helicopter and American Airlines. With an average salary of $83,900, an unemployment rate of 3.7 percent and no state income tax, it’s a great city for the IT workers that make up 2.6 percent of its workforce.

Rochester, Minnesota
Rochester’s main claim to fame is the internationally renowned Mayo Clinic, and the city’s second-largest employer is IBM. There are approximately 5,000 IT workers in the region, making up 4.8 percent of the workforce. An average salary of $83,900 and an unemployment rate of just 1.9 percent makes it an incredible location for IT talent.

Lynchburg, Virginia
Though the Lynchburg metro area is fairly large, with an approximate population of about 250,000, the city of Lynchburg itself is only comprised of about 80,000, of which 2.6 percent are in technology fields. The unemployment rate is just 1.9 percent and the average salary is a respectable $79,440.

Des Moines, Iowa
Des Moines is rapidly growing as a heartland tech hub, adding over 700 technology jobs in 2014, according to Bureau of Labor Statistics data, which represents an increase of about 6 percent and bumping up the number of tech sector job participation to 3.8 percent. Median salary is $76,840, and the unemployment rate is a steady 2.6 percent.

Columbus, Ohio
Ohio State University and the Ohio Supercomputer Center contribute to Columbus’s standing as a central U.S. tech hub. The average salary is $78,790, the unemployment rate is 3.6 percent and the percentage of workers in the technology sector is 4 percent.

Houston, Texas
“Space City,” with its proximity to NASA and other aeronautics industries, as well as a focus on biomedical engineering and the energy industry contribute to Houston’s standing as a tech-centric city. The average salary is $88,230, the unemployment rate is 4.1 percent and the number of workers in the IT industry is 2.9 percent.

St. Louis, Missouri
There are more 40,000 technology workers in the St. Louis metro region, making up 3.3 percent of the total workforce. These numbers are bolstered by organizations like T-REX, a tech incubator and co-working space located in downtown, and LaunchCode, a non-profit that helps train IT workers and connect them with jobs. The average salary is $79,170 and the unemployment rate is 4.1 percent.
 

Click here to view complete Q&A of LX0-104 exam

MCTS Training, MCITP Trainnig

Best Comptia LX0-104 Certification, Comptia LX0-104 Training at certkingdom.com

 

Posted in Tech | Tagged | Leave a comment

200-601 IMINS2 Managing Industrial Networks for Manufacturing with Cisco Technologies

200-601 IMINS2
Managing Industrial Networks for Manufacturing with Cisco Technologies

Exam Number 200-601 IMINS2
Associated Certifications CCNA Industrial
Duration 90 Minutes (65 – 75 questions)

This exam tests concepts and technology commonly found in the automated manufacturing environment. This exam tests candidates on the Common Industrial Protocol (CIP) and ProfiNET industrial protocols and the underlying support network infrastructure design to maximize efficiency within Industrial Ethernet.

Exam Description
The exam Managing Industrial Networks for Manufacturing with Cisco Technologies (CCNA IMINS2) certification exam (200-601) is a 90 minute, 65 – 75 question assessment. This exam tests concepts and technology commonly found in the automated manufacturing environment. This exam tests candidates on the Common Industrial Protocol (CIP) and ProfiNET industrial protocols and the underlying support network infrastructure design to maximize efficiency within Industrial Ethernet.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 IP Networking 20%
1.1 Describe the difference between enterprise environments and industrial environments
1.2 Describe the components for making the data flow highly available and predictable in an industrial environment (QoS, IP addressing, protocol, and hardware resiliency)
1.3 Interpret and diagnose problems that are related to QoS
1.4 Describe the differences between redundancy and resiliency requirements / approaches between the Enterprise and the plant floor
1.5 Differentiate the capabilities of switch types
1.6 Describe the life cycle of a multicast group
1.7 Describe and configure the operation and use cases for NAT
1.8 Describe and configure the operation and use cases for static routing
1.9 Describe and configure VLAN trunking to a virtual switch
1.10 Describe and configure Layer 2 resiliency protocols (Spanning Tree, REP, Flex Links, and Etherchannels)
1.11 Configure switch ports ( macros, threshold alarms)

2.0 Common Industrial Protocol (CIP) Knowledge and Configuration 19%
2.1 Explain the CIP connection establishment process
2.2 Explain producer/consumer models and implicit/explicit message models
2.3 Recognize communication abilities and capacities in different hardware/hardware generations (revisions)
2.4 Identify and describe the technologies that enable CIP Motion and CIP Safety
2.5 Identify the applicability, limitations, and components of a DLR implementation
2.6 Implement multicast features for CIP within a LAN
2.7 Optimize RPI on a CIP connection given a set of parameters
2.8 Enable and configure IEEE 1588 PTP at the system level
2.9 Configure the Stratix using the Add On Profile (AOP) in Studio 5000

3.0 ProfiNET Knowledge and Configuration 19%
3.1 Describe the differences in ProfiNET support between Cisco catalyst and Cisco Industrial Ethernet (IE) switches
3.1.a Support for VLAN 0
3.1.b Support for ProfiNET LLDP
3.1.c Support for GSDs (integration into SIMATIC STEP 7)

3.2 Describe the operation and purpose of ProfiSAFE
3.3 Describe the three basic ProfiNET devices and conformanceclasses
3.4 Describe the ProfiNET application classes and communication channels
3.5 Describe DHCP and how it can be used for IP addressing of devices and configuration pushes
3.6 Describe ring network requirements for ProfiNET
3.7 Enable ProfiNET on the switch
3.8 Enable Layer 2 QoS to ensure ProfiNET is prioritized
3.9 Integrate the Cisco Industrial Ethernet Switch in SIMATIC STEP 7
3.10 Configure and monitor ProfiNET alarm profiles on IE switches

4.0 Security 12%
4.1 Describe the defense in-depth approach to securing the industrial zone
4.2 Identify how a security component (hardware/software) applies to a network device to meet the network security definition of defense in depth
4.3 Describe network device hardening
4.4 Describe the concept and mechanisms of implementing logical segmentation
4.5 Identify possible options to control traffic between zones (ACLs, firewalls, VLANs)

5.0 Wireless 10%
5.1 Describe the differences between 802.11a/b/g/n/ac
5.2 Describe the components that you need to build multiple wireless networks on a single access point
5.3 Describe the difference between autonomous and controller-based access points and wireless workgroup bridges
5.4 Demonstrate a typical switchport configuration for autonomous and controller-based access points
5.5 Describe the limitations of using a workgroup bridge with a control communication

6.0 Troubleshooting 20%
6.1 Troubleshoot advanced Layer 1 problems such as mechanical deterioration, electromagnetic noise issues, and infrastructure mismatches
6.2 Troubleshoot VLAN trunking
6.3 Troubleshoot an error disabled port
6.4 Troubleshoot basic spanning tree port state and root priority problems
6.5 Troubleshoot Layer 3 problems by inspecting route tables and NAT tables
6.6 Troubleshoot Layer 3 problems in a VRF-lite enabled environment
6.7 Demonstrate the ability to find the location of a device within a multi-switch network given an IP address
6.8 Identify methods for troubleshooting a communication problem in a CIP environment
6.9 Troubleshoot CIP using an Ethernet/IP browse tool, command line, and a web browser
6.10 Troubleshoot device communications performance
6.11 Identify the source of cable and device faults in a DLR
6.12 Identify methods for troubleshooting a communication problem in a ProfiNET environment
6.13 Troubleshoot ProfiNET using SIMATIC STEP 7 to view network topology, use the switch command line

 

Click here to view complete Q&A of 200-601 exam

MCTS Training, MCITP Trainnig

Best Cisco 200-601 Certification, Cisco 200-601 Training at certkingdom.com

 

Posted in Cisco | Tagged , , , , , , | Leave a comment

200-355 Implementing Cisco Wireless Networking Fundamentals

200-355 Implementing Cisco Wireless Networking Fundamentals

Exam Number 200-355
Associated Certifications CCNA Wireless
Duration 90 minutes (60-70 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

This exam tests a candidate’s knowledge of Radio Frequency (RF) and 802.11 technology essentials along with installing, configuring, monitoring and basic troubleshooting tasks needed to support Small Medium Business and Enterprise wireless networks.

Exam Description
The Implementing Cisco Wireless Network Fundamentals (WIFUND) exam (200-355) is a 90-minute, 60–70 item assessment that is associated with the CCNA Wireless certification. This exam tests a candidate’s knowledge of Radio Frequency (RF) and 802.11 technology essentials along with installing, configuring, monitoring, and basic troubleshooting tasks needed to support Small Medium Business and Enterprise wireless networks. Candidates can prepare for this exam by taking the Implementing Cisco Wireless Network Fundamentals (WIFUND) course.

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific instance of the exam. To better reflect the contents of the exam and for clarity purposes, these guidelines may change at any time without notice.

1.0 RF Fundamentals 13%
1.1 Describe the propagation of radio waves

1.1.a Frequency, amplitude, phase, wavelength (characteristics)
1.1.b Absorption, reflection, diffraction, scattering, refraction, fading, free space path loss, multipath

1.2 Interpret RF signal measurements

1.2.a Signal strength (RSSI, Transmit power, receive sensitivity)
1.2.b Differentiate interference vs. noise
1.2.c Device capabilities (smartphones, laptops, tablets)
1.2.d Define SNR

1.3 Explain the principles of RF mathematics

1.3.a Compute dBm, mW, Law of 3s and 10s,

1.4 Describe Wi-Fi antenna characteristics

1.4.a Ability to read a radiation pattern chart
1.4.b Antenna types and uses
1.4.c dBi, dBd, EIRP

2.0 802.11 Technology Fundamentals 13%

2.1 Describe basic Wi-Fi governance

2.1.a Describe regional regulatory bodies (such as, FCC / ETSI/ NTT)
2.1.b IEEE 802.11
2.1.c Wi-Fi Alliance

2.2 Describe usable channel and power combination

2.2.a Regional EIRP limitation examples
2.2.b ISM, UNII frequency bands
2.2.c Describe RRM fundamental(s)

2.3 Describe 802.11 fundamentals

2.3.a Modulation techniques
2.3.b Channel width
2.3.c MIMO / MU-MIMO
2.3.c (i) MRC
2.3.c (ii) Beam forming
2.3.c (iii) Spatial streams
2.3.d Wireless topologies
2.3.d (i) IBSS
2.3.d (ii) BSS
2.3.d (iii) ESS
2.3.e Frame types
2.3.e (i) Management
2.3.e (ii) Control
2.3.e (iii) Data

3.0 Implementing a Wireless Network 16%

3.1 Describe the various Cisco wireless architectures

3.1.a Cloud
3.1.b Autonomous
3.1.c Split MAC
3.1.c (i) FlexConnect
3.1.c (ii) Centralized
3.1.c (iii) Converged

3.2 Describe physical infrastructure connections

3.2.a Wired infrastructures (AP, WLC, access/trunk ports, LAG)

3.3 Describe AP and WLC management access connections

3.3.a Management connections (Telnet, SSH, HTTP, HTTPS, console)
3.3.b IP addressing: IPv4 / IPv6
3.3.c Management via wireless

4.0 Operating a Wireless Network 20%

4.1 Execute initial setup procedures Cisco wireless infrastructures

4.1.a Cloud
4.1.b Converged
4.1.c Centralized
4.1.d Autonomous

4.2 Describe the Cisco implementation of the CAPWAP discovery and join process

4.2.a DHCP
4.2.b DNS
4.2.c Master-controller
4.2.d Primary-secondary-tertiary

4.3 Distinguish different lightweight AP modes

4.4 Describe and configure the components of a wireless LAN access for client connectivity using GUI only

4.5 Identify wireless network and client management and configuration platform options

4.5.a Controller GUI and CLI
4.5.b Prime infrastructure
4.5.c Dashboard
4.5.d ISE

4.6 Maintain wireless network

4.6.a Perform controller configuration backups
4.6.b Perform code updates on controller, APs, and converged access switches
4.6.b (i) AireOS: boot loader (FUS), image
4.6.b (ii) IOS-XE: bundle, unbundle
4.6.b (iii) Autonomous

5.0 Configuration of Client Connectivity 16%

5.1 Identify authentication mechanisms

5.1.a LDAP, RADIUS, local authentication, WebAuth, 802.1X,PSK

5.2 Configuring WLAN authentication mechanisms on the controller

5.2.a WebAuth, 802.1X, PSK
5.2.b TKIP deprecation

5.3 Configure client connectivity in different operating systems

5.3.a Android, MacOS, iOS, Windows

5.4 Describe roaming

5.4.a Layer 2 and Layer 3
5.4.b Intracontroller and intercontroller
5.4.c Centralized mobility
5.4.d Converged mobility

5.5 Describe wireless guest networking

5.5.a Anchor controller
5.5.b Foreign controller

6.0 Performing Client Connectivity Troubleshooting 13%

6.1 Validating WLAN configuration settings at the infrastructure side

6.1.a Security settings
6.1.b SSID settings

6.2 Validating AP infrastructure settings

6.2.a Port level configuration
6.2.b Power source
6.2.c AP and antenna orientation and position

6.3 Validate client settings

6.3.a SSID
6.3.b Security
6.3.c Device driver version

6.4 Employ appropriate controller tools to assist troubleshooting

6.4.a GUI logs
6.4.b CLI show commands
6.4.c Monitor pages
6.4.c (i) CleanAir (controller GUI)

6.2 Identify appropriate third-party tools to assist troubleshooting

6.2.a OS-based Client utilities
6.2.b Wi-Fi scanners
6.2.c RF mapping tool

7.0 Site Survey Process 9%

7.1 Describe site survey methodologies and their purpose

7.1.a Offsite (predictive / plan)
7.1.b Onsite
7.1.b (i) Predeployment (AP on a stick)
7.1.b (ii) Post deployment (validation)

7.2 Describe passive and active site surveys

7.3 Identify proper application of site survey tools

7.3.a Spectrum analyzer
7.3.b Site surveying software

7.4 Describe the requirements of client real-time and non-real-time applications

 

Click here to view complete Q&A of 200-355 exam

MCTS Training, MCITP Trainnig

Best Cisco 200-355 Certification, Cisco 200-355 Training at certkingdom.com

 

Posted in Cisco | Tagged , , , , , , | Leave a comment

LX0-104 CompTIA Linux+ Powered by LPI 2


QUESTION 1
Which of the following commands puts the output of the command date into the shell
variable mydate?

A. mydate=”$(date)”
B. mydate=”exec date”
C. mydate=”$((date))”
D. mydate=”date”
E. mydate=”${date}”

Answer: A


QUESTION 2
What is the purpose of the file /etc/profile?

A. It contains the welcome message that is displayed after login.
B. It contains security profiles defining which users are allowed to log in.
C. It contains environment variables that are set when a user logs in.
D. It contains default application profiles for users that run an application for the first time.

Answer: C


QUESTION 3
When the command echo $$ outputs 12942, what is the meaning of 12942?

A. It is the process ID of the echo command.
B. It is the process ID of the current shell.
C. It is the process ID of the last command executed.
D. It is the process ID of the last command which has been placed in the background.

Answer: B


QUESTION 4
What output will the following command produce?
seq 1 5 20

A. 1
6
6

B. 1
5
15

C. 1
2
3

D. 2
3
5

E. 5
15
20

Answer: A


QUESTION 5
Which of the following SQL queries counts the number of occurrences for each value of the
field order_type in the table orders?

A. SELECT order_type,COUNT(*) FROM orders WHERE order_type=order_type;
B. SELECT order_type,COUNT(*) FROM orders GROUP BY order_type;
C. COUNT(SELECT order_type FROM orders);
D. SELECT COUNT(*) FROM orders ORDER BY order_type;
E. SELECT AUTO_COUNT FROM orders COUNT order_type;

Answer: B

 

Click here to view complete Q&A of LX0-104 exam

MCTS Training, MCITP Trainnig

Best Comptia LX0-104 Certification, Comptia LX0-104 Training at certkingdom.com

Posted in Comptia Linux | Tagged , , , , , | Leave a comment

LX0-104 Implementing Cisco Video Network Devices (VIVND)

QUESTION 1
Which of the following commands puts the output of the command date into the shell
variable mydate?

A. mydate=”$(date)”
B. mydate=”exec date”
C. mydate=”$((date))”
D. mydate=”date”
E. mydate=”${date}”

Answer: A


QUESTION 2
What is the purpose of the file /etc/profile?

A. It contains the welcome message that is displayed after login.
B. It contains security profiles defining which users are allowed to log in.
C. It contains environment variables that are set when a user logs in.
D. It contains default application profiles for users that run an application for the first time.

Answer: C


QUESTION 3
When the command echo $$ outputs 12942, what is the meaning of 12942?

A. It is the process ID of the echo command.
B. It is the process ID of the current shell.
C. It is the process ID of the last command executed.
D. It is the process ID of the last command which has been placed in the background.

Answer: B


QUESTION 4
What output will the following command produce?
seq 1 5 20

A. 1
6
6

B. 1
5
15

C. 1
2
3

D. 2
3
5

E. 5
15
20

Answer: A


QUESTION 5
Which of the following SQL queries counts the number of occurrences for each value of the
field order_type in the table orders?

A. SELECT order_type,COUNT(*) FROM orders WHERE order_type=order_type;
B. SELECT order_type,COUNT(*) FROM orders GROUP BY order_type;
C. COUNT(SELECT order_type FROM orders);
D. SELECT COUNT(*) FROM orders ORDER BY order_type;
E. SELECT AUTO_COUNT FROM orders COUNT order_type;

Answer: B

 

Click here to view complete Q&A of LX0-104 Exam

MCTS Training, MCITP Trainnig

Best CompTIA LX0-104 Certification, CompTIA LX0-104 Training at certkingdom.com

Posted in Comptia Linux | Tagged , , , , , , | Leave a comment